Linux

7794 readers

5 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.
Be respectful: Treat fellow community members with respect and courtesy.
Quality over quantity: Share informative and thought-provoking content.
No spam or self-promotion: Avoid excessive self-promotion or spamming.
No NSFW adult content
Follow general lemmy guidelines.

founded 1 year ago

MODERATORS

[email protected]

Flathub let its TLS certificate expire. (lemmy.world)

submitted 1 year ago by [email protected] to c/[email protected]

16 comments fedilink hide all child comments

It's breaking the access to the website and not a good look for the "app store for Linux". A lesson in central points of failure?

top 16 comments

sorted by: hot top controversial new old

[–] [email protected] 14 points 1 year ago (1 children)

https://www.flathub.org is using Let’s encrypt. Their certs only last 90 days so you need a script to make sure they are updated and pushed to your site. https://flathub.org uses Globalsign which lasts for 13 months. My guess is they don’t have a process for reconciling the two types of end dates.

[–] [email protected] 1 points 1 year ago (2 children)

It’s not hard to automate? I remember when Firefox had this same flub, lol

[–] Unquote0270 4 points 1 year ago

Even just manually, how hard is it to put a reminder in a calendar somewhere? I've never understood how/why this happens, it's really but difficult.

[–] [email protected] 1 points 1 year ago

You don't even need to automate. Certbot comes with a systemd timer called certbot-renew.timer which does this for you.

[–] [email protected] 7 points 1 year ago

Well that instills confidence

[–] [email protected] 4 points 1 year ago

topkek

[–] [email protected] 4 points 1 year ago (1 children)

FWIW .... it is fixed now.

[–] [email protected] 14 points 1 year ago (1 children)

It's broken on the www.flathub.org domain but not on just flathub.org by itself. Despite browsers trying to get rid of www its still commonly used.

[–] [email protected] 3 points 1 year ago (1 children)

Yeah, it isn't a good look for flathub. I looked at the certificate and the Subject Alternative Names section was missing the www prefix. Why they're not using Let's Encrypt and certbot beats me because this could all be automated.

[–] [email protected] 4 points 1 year ago (1 children)

So basic. Even I had it automated for my personal wedding website. Lol.

[–] [email protected] 3 points 1 year ago (1 children)

I use the DNS-01 challenge to take advantage of wildcard certs. Every 30 days, I have a cron job force a renewal, send a SIGHUP to nginx and I am back in biz. Ez-pezy

[–] [email protected] 1 points 1 year ago

Same here, just works!

[–] [email protected] 1 points 1 year ago (1 children)

It's not expired for me rn, so is this something that happened before?

[–] [email protected] 1 points 1 year ago

Did you go on flathub.org or www.flathub.org? The certs are fine on the former, but expired on the latter.

[–] [email protected] -1 points 1 year ago

And it's still less shit than Snaps. It's the giant douche and turd sandwich situation with this stuff.

[–] [email protected] -3 points 1 year ago

Ummm ... oops? 🤷‍♂️ 😆